🔒 Security at Recamply
Transparency is our policy. Here is exactly how we handle your data.
🔐 Encrypted: In transit and at rest
🏥 Healthcare Ready: Built to support HIPAA-compliant workflows
🌍 GDPR Aligned: Built with GDPR principles in mind
🚫 No Recording: We never record your meetings
🔑 You Own Your Data: Full control — delete anytime
🛡️ RLS Policies: 18+ active policies
🔐 Encryption Details
Data in transit: TLS 1.2 minimum, TLS 1.3 preferred on all connections
Data at rest: AES-256 encryption via Supabase (PostgreSQL)
Passwords: bcrypt hashed — never stored in plaintext
API keys: Encrypted environment variables — never exposed to client
OAuth tokens: Encrypted at rest in database — never logged
Audio files: Temporary processing only — deleted after transcription
🗑️ Data Retention Policy
Meeting transcripts: Processed in memory and automatically deleted after generating results (unless saved)
Audio files: Deleted after transcription — not permanently stored
AI summaries: Stored only if user clicks Save — deleted instantly on request
Brain Sync docs: Stored until user deletes — encrypted at rest
Account data: Deleted within 30 days of account deletion request
Usage logs: 90 days for billing and abuse prevention — then purged
Error logs: 30 days via Sentry — anonymized where possible
🛡️ Access Controls
→ Row Level Security (RLS) enforced on all database tables — users can only access their own data
→ 18+ active RLS policies covering meetings, documents, integrations, and billing
→ Service role keys never exposed to client — all sensitive operations server-side only
→ Two-factor authentication (TOTP) available for all accounts
→ Session management via Supabase Auth — short-lived JWT tokens with refresh rotation
→ Rate limiting on all authentication endpoints — brute force protection enabled
→ Admin dashboard protected by email allowlist — no public access
→ Google OAuth uses minimum necessary scopes — calendar.events only